1 /**************************************
3 * http://www.w3.org/TR/WebCryptoAPI
6 /**************************************
10 interface RandomSource {
11 ArrayBufferView getRandomValues(ArrayBufferView array);
14 /**************************************
18 typedef (Algorithm or DOMString) AlgorithmIdentifier;
20 dictionary AlgorithmParameters {
23 dictionary Algorithm {
25 AlgorithmParameters params;
28 /**************************************
46 readonly attribute KeyType type;
47 readonly attribute bool extractable;
48 readonly attribute Algorithm algorithm;
49 readonly attribute KeyUsage[] keyUsage;
52 /**************************************
55 interface CryptoOperation : Future {
56 // Both process() and finish() return this for chaining.
57 CrytpoOperation process(ArrayBufferView buffer);
58 CrytpoOperation finish();
61 readonly attribute Key? key;
62 readonly attribute Algorithm algorithm;
63 readonly attribute any result;
66 /**************************************
69 * REMOVED: supplanted by Future
72 /**************************************
76 // An unformatted sequence of bytes. Intended for secret keys.
78 // The DER encoding of the PrivateKeyInfo structure from RFC 5208.
80 // The DER encoding of the SubjectPublicKeyInfo structure from RFC 5280.
82 // The key is represented as JSON according to the JSON Web Key format.
87 CryptoOperation encrypt(AlgorithmIdentifier algorithm,
89 optional ArrayBufferView? buffer = null);
90 CryptoOperation decrypt(AlgorithmIdentifier algorithm,
92 optional ArrayBufferView? buffer = null);
93 CryptoOperation sign(AlgorithmIdentifier algorithm,
95 optional ArrayBufferView? buffer = null);
96 CryptoOperation verify(AlgorithmIdentifier algorithm,
98 ArrayBufferView signature,
99 optional ArrayBufferView? buffer = null);
100 CryptoOperation digest(AlgorithmIdentifier algorithm,
101 optional ArrayBufferView? buffer = null);
104 Future generateKey(AlgorithmIdentifier algorithm,
105 bool extractable = false,
106 KeyUsage[] keyUsages = []);
108 Future deriveKey(AlgorithmIdentifier algorithm,
110 AlgorithmIdentifier? derivedKeyType,
111 bool extractable = false,
112 KeyUsage[] keyUsages = []);
115 Future importKey(KeyFormat format,
116 ArrayBufferView keyData,
117 AlgorithmIdentifier? algorithm,
118 bool extractable = false,
119 KeyUsage[] keyUsages = []);
121 Future exportKey(KeyFormat format, Key key);
124 Crypto implements RandomSource;
126 partial interface Window {
127 readonly attribute Crypto crypto;
130 /**************************************
133 interface WorkerCrypto {
136 WorkerCrypto implements RandomSource;
138 partial interface WorkerGlobalScope {
139 readonly attribute WorkerCrypto crypto;
142 /**************************************
145 typedef Uint8Array BigInteger;
148 /**************************************
157 /**************************************
160 dictionary RsaKeyGenParams : AlgorithmParameters {
161 // The length, in bits, of the RSA modulus
162 unsigned long modulusLength;
163 // The RSA public exponent
164 BigInteger publicExponent;
167 /**************************************
170 dictionary RsaSsaParams : AlgorithmParameters {
171 // The hash algorithm to use
172 AlgorithmIdentifier hash;
175 /**************************************
178 dictionary RsaPssParams : AlgorithmParameters {
179 // The hash function to apply to the message
180 AlgorithmIdentifier hash;
181 // The mask generation function
182 AlgorithmIdentifier mgf;
183 // The desired length of the random salt
184 unsigned long saltLength;
187 /**************************************
190 dictionary RsaOaepParams : AlgorithmParameters {
191 // The hash function to apply to the message
192 AlgorithmIdentifier hash;
193 // The mask generation function
194 AlgorithmIdentifier mgf;
195 // The optional label/application data to associate with the message
196 ArrayBufferView? label;
199 /**************************************
202 dictionary EcdsaParams : AlgorithmParameters {
203 // The hash algorithm to use
204 AlgorithmIdentifier hash;
207 // NIST recommended curve P-256, also known as secp256r1.
209 // NIST recommended curve P-384, also known as secp384r1.
211 // NIST recommended curve P-521, also known as secp521r1.
215 /**************************************
218 dictionary EcKeyGenParams : AlgorithmParameters {
220 NamedCurve namedCurve;
223 /**************************************
226 typedef Uint8Array ECPoint;
228 dictionary EcdhKeyDeriveParams : AlgorithmParameters {
229 // The peer's EC public key.
233 /**************************************
236 dictionary AesCtrParams : AlgorithmParameters {
237 // The initial value of the counter block. counter MUST be 16 bytes
238 // (the AES block size). The counter bits are the rightmost length
239 // bits of the counter block. The rest of the counter block is for
240 // the nonce. The counter bits are incremented using the standard
241 // incrementing function specified in NIST SP 800-38A Appendix B.1:
242 // the counter bits are interpreted as a big-endian integer and
243 // incremented by one.
245 // The length, in bits, of the rightmost part of the counter block
246 // that is incremented.
247 [EnforceRange] octet length;
250 /**************************************
253 dictionary AesKeyGenParams : AlgorithmParameters {
254 // The length, in bits, of the key.
255 [EnforceRange] unsigned short length;
258 /**************************************
261 dictionary AesCbcParams : AlgorithmParameters {
262 // The initialization vector. MUST be 16 bytes.
266 /**************************************
269 dictionary AesGcmParams : AlgorithmParameters {
270 // The initialization vector to use. May be up to 2^56 bytes long.
272 // The additional authentication data to include.
273 ArrayBufferView? additionalData;
274 // The desired length of the authentication tag. May be 0 - 128.
275 [EnforceRange] octet? tagLength = 0;
278 /**************************************
281 dictionary HmacParams : AlgorithmParameters {
282 // The inner hash function to use.
283 AlgorithmIdentifier hash;
286 /**************************************
289 dictionary DhKeyGenParams : AlgorithmParameters {
293 BigInteger generator;
296 /**************************************
299 dictionary DhKeyDeriveParams : AlgorithmParameters {
300 // The peer's public value.
304 /**************************************
307 dictionary ConcatParams : AlgorithmParameters {
308 // The digest method to use to derive the keying material.
309 AlgorithmIdentifier hash;
311 // A bit string corresponding to the AlgorithmId field of the OtherInfo parameter.
312 // The AlgorithmId indicates how the derived keying material will be parsed and for which
313 // algorithm(s) the derived secret keying material will be used.
314 ArrayBufferView algorithmId;
316 // A bit string that corresponds to the PartyUInfo field of the OtherInfo parameter.
317 ArrayBufferView partyUInfo;
318 // A bit string that corresponds to the PartyVInfo field of the OtherInfo parameter.
319 ArrayBufferView partyVInfo;
320 // An optional bit string that corresponds to the SuppPubInfo field of the OtherInfo parameter.
321 ArrayBufferView? publicInfo;
322 // An optional bit string that corresponds to the SuppPrivInfo field of the OtherInfo parameter.
323 ArrayBufferView? privateInfo;
326 /**************************************
329 dictionary Pbkdf2Params : AlgorithmParameters {
330 ArrayBufferView salt;
331 [Clamp] unsigned long iterations;
332 AlgorithmIdentifier prf;
333 ArrayBufferView? password;
336 /**************************************
340 var algorithmKeyGen = {
341 name: "RSASSA-PKCS1-v1_5",
345 publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537
349 var algorithmSign = {
350 name: "RSASSA-PKCS1-v1_5",
359 window.crypto.generateKey(algorithmKeyGen, false, ["sign"]).done(
361 var dataPart1 = convertPlainTextToArrayBufferView("hello,");
362 var dataPart2 = convertPlainTextToArrayBufferView(" world!");
363 // TODO: create example utility function that converts text -> ArrayBufferView
365 // Because we are not supplying data to .sign(), a multi-part
366 // CryptoOperation will be returned, which requires us to call .process()
368 window.crypt.sign(algorithmSign, key.privateKey)
372 .done(console.log.bind(console, "The signature is: "),
373 console.error.bind(console, "Unable to sign"));
375 console.error.bind(console, "Unable to generate a key:")
379 /**************************************
381 var clearDataArrayBufferView = convertPlainTextToArrayBufferView("Plain Text Data");
382 // TODO: create example utility function that converts text -> ArrayBufferView
384 var aesAlgorithmKeyGen = {
392 var aesAlgorithmEncrypt = {
396 iv: window.crypto.getRandomValues(new Uint8Array(16))
400 // Create a keygenerator to produce a one-time-use AES key to encrypt some data
401 window.crypto.generateKey(aesAlgorithmKeyGen, false, ["encrypt"]).done(
402 function(aesKey) { // A new, random AES key has been generated.
403 // Unlike the signing example, which showed multi-part encryption, here we
404 // will perform the entire AES operation in a single call.
405 window.crypto.encrypt(aesAlgorithmEncrypt,
407 clearDataArrayBufferView)
409 function(cipherText) {
410 console.log("Ciphertext is:", cipherText);
412 console.error.bind(console, "Unable to AES encrypt.");